|
|
@@ -45,7 +45,7 @@ https://en.wikipedia.org/wiki/PBKDF2[PBKDF2],
|
|
|
https://en.wikipedia.org/wiki/Scrypt[scrypt],
|
|
|
and https://en.wikipedia.org/wiki/Argon2[Argon2].
|
|
|
|
|
|
-Because adaptive one-way functions are intentionally resource intensive, validating a username and password for every request will degrade performance of an application significantly
|
|
|
+Because adaptive one-way functions are intentionally resource intensive, validating a username and password for every request will degrade performance of an application significantly.
|
|
|
There is nothing Spring Security (or any other library) can do to speed up the validation of the password since security is gained by making the validation resource intensive.
|
|
|
Users are encouraged to exchange the long term credentials (i.e. username and password) for a short term credential (i.e. session, OAuth Token, etc).
|
|
|
The short term credential can be validated quickly without any loss in security.
|
Rob Winch